CN105447348A - Display window hiding method and device and user terminal - Google Patents

Info

Publication number
CN105447348A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510786315.8A
Other languages
Chinese (zh)
Other versions
CN105447348B (en)
Inventor
杨峰
潘建军
王云峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Baoqu Technology Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Zhuhai Juntian Electronic Technology Co Ltd
Application filed by Beijing Kingsoft Internet Security Software Co Ltd, Zhuhai Juntian Electronic Technology Co Ltd
Priority to CN201510786315.8A
Publication of CN105447348A
Application granted
Publication of CN105447348B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G06F21/126 Interacting with the operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The embodiment of the invention discloses a method and a device for hiding a display window and a user terminal. The method comprises the following steps: when a target display window is detected, calling a first hiding function of a system application layer to hide the target display window; detecting whether the target display window is hidden; and if the target display window is detected not to be hidden, calling a second hiding function of the system kernel layer to hide the target display window. By adopting the embodiment of the invention, the display window protected by the malicious software can be hidden, and the defense efficacy of the defense software is enhanced.

Description

Display window hiding method and device and user terminal
Technical field
The present invention relates to the field of software technology, and in particular to a method and a device for hiding a display window and a user terminal.
Background
Current user terminals can have many applications installed, each implementing different functions, which improves the user experience. In the course of installing applications, a user terminal inevitably downloads some malware. Most user-terminal operating systems are window-based systems, such as the WINDOWS operating system. Malware usually disrupts normally running processes in order to obtain information by malicious means or to push messages to the user through windows, for example malicious advertisements on the display window of the user terminal, and the display windows run by malware usually cannot be hidden normally.
At present, user terminals defend against and intercept malware by installing defense software. When malware is running, even if the user terminal detects the display window run by the malware, it cannot hide it effectively, which reduces the effectiveness of the defense software.
Summary of the invention
Embodiments of the present invention provide a method and a device for hiding a display window and a user terminal. A display window protected by malware can be hidden, which enhances the effectiveness of the defense software.
In one aspect, an embodiment of the present invention provides a method for hiding a display window. The method may include:
When a target display window is detected, calling a first hiding function of the system application layer to hide the target display window;
Detecting whether the target display window is hidden;
If it is detected that the target display window is not hidden, calling a second hiding function of the system kernel layer to hide the target display window.
As an optional implementation, calling the first hiding function of the system application layer to hide the target display window when the target display window is detected includes:
When the target display window is detected, obtaining identification information of the target display window;
Setting the window handle parameter of the first hiding function according to the identification information of the target display window;
Calling the first hiding function so set to hide the target display window.
As an optional implementation, before calling the first hiding function so set to hide the target display window, the method further includes:
Setting the parameter value of the window handling type parameter of the first hiding function to the hide parameter value.
As an optional implementation, detecting whether the target display window is hidden includes:
Detecting whether the window state of the target display window is the hidden state and, if it is, determining that the target display window is hidden; or
Detecting the function execution result of the first hiding function and, if the function execution result indicates success, determining that the target display window is hidden.
As an optional implementation, calling the second hiding function of the system kernel layer to hide the target display window if it is detected that the target display window is not hidden includes:
If it is detected that the target display window is not hidden, looking up, in the system kernel layer, the second hiding function corresponding to the first hiding function;
Setting the second hiding function according to the window handle parameter of the first hiding function;
Calling the second hiding function to hide the target display window.
As an optional implementation, when the system is the WINDOWS operating system, the first hiding function is the ShowWindow function and the second hiding function is the NtUserShowWindow function.
In another aspect, an embodiment of the present invention provides a device for hiding a display window. The device may include:
A first calling module, configured to call a first hiding function of the system application layer to hide a target display window when the target display window is detected;
A detection module, configured to detect whether the target display window is hidden;
A second calling module, configured to call a second hiding function of the system kernel layer to hide the target display window if the detection module detects that the target display window is not hidden.
As an optional implementation, the first calling module includes:
An acquiring unit, configured to obtain identification information of the target display window when the target display window is detected;
A first setting unit, configured to set the window handle parameter of the first hiding function according to the identification information of the target display window;
A first calling unit, configured to call the first hiding function so set to hide the target display window.
As an optional implementation, the first calling module further includes:
A second setting unit, configured to set the parameter value of the window handling type parameter of the first hiding function to the hide parameter value.
As an optional implementation, the detection module includes:
A first detecting unit, configured to detect whether the window state of the target display window is the hidden state and, if it is, to determine that the target display window is hidden;
A second detecting unit, configured to detect the function execution result of the first hiding function and, if the function execution result indicates success, to determine that the target display window is hidden.
As an optional implementation, the second calling module includes:
A lookup unit, configured to look up, in the system kernel layer, the second hiding function corresponding to the first hiding function;
A third setting unit, configured to set the second hiding function according to the window handle parameter of the first hiding function;
A second calling unit, configured to call the second hiding function to hide the target display window.
As an optional implementation, when the system is the WINDOWS operating system, the first hiding function is the ShowWindow function and the second hiding function is the NtUserShowWindow function.
In yet another aspect, an embodiment of the present invention provides a user terminal. The user terminal may include a user interface, a memory and a processor, wherein a set of program code is stored in the memory, and the processor calls the program code stored in the memory to perform the following operations:
When a target display window is detected, calling a first hiding function of the system application layer to hide the target display window;
Detecting whether the target display window is hidden;
If it is detected that the target display window is not hidden, calling a second hiding function of the system kernel layer to hide the target display window.
In the embodiments of the present invention, when a target display window to be hidden is detected, the first hiding function in the system application layer can be called to hide it. After the first hiding function is called, whether the target display window has been hidden is detected. If it is detected that the window has not been hidden, this indicates that the first hiding function failed to execute and that the malware has set a hook function that interferes with the execution of the first hiding function. The second hiding function of the system kernel layer can then be called directly to hide the target display window, which evades the interference of the existing hook function with the application-layer hiding function, directly hides the target display window protected by the malware, and enhances the effectiveness of the defense software.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of one embodiment of a display window hiding method of the present invention;
Fig. 2 is a flowchart of another embodiment of a display window hiding method of the present invention;
Fig. 3 is a structural diagram of one embodiment of a display window hiding device of the present invention;
Fig. 4 is a structural diagram of another embodiment of a display window hiding device of the present invention;
Fig. 5 is a structural diagram of one embodiment of a user terminal of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiments of the present invention are described below with reference to the drawings. The device or terminal described in the embodiments includes user equipment on which the Windows operating system or another operating system can be installed, such as a mobile phone, tablet computer, notebook computer or wearable device.
Referring to Fig. 1, Fig. 1 is a flowchart of one embodiment of a display window hiding method of the present invention. The method may include the following steps.
Step S101: when a target display window is detected, call the first hiding function of the system application layer to hide the target display window.
In one embodiment, when the user terminal detects a target display window, it can call the first hiding function of the system application layer to hide the target display window. Specifically, the user terminal can use installed third-party defense software to inspect the current display windows periodically or on user instruction. It can detect whether a target display window exists by examining the push source of a display window or the content the window displays, or it can judge whether a target display window currently exists by detecting whether a user's instruction to close a display window has been carried out. For example, by examining the push source of a display window, it can judge whether the application that pushed the window is malicious, for instance by checking whether the application appears on a blacklist or whether the application contains a malicious mark. It can also judge from the content a display window shows whether the window was pushed by a malicious application: when the window content is advertising that the user has not subscribed to, or other information containing a malicious mark, the window can be determined to be a target display window. It can also detect whether the user has performed a close operation on the current display window: if, after the user's close operation, the window has not closed or other windows pop up, the window is determined to be a target display window and needs to be hidden.
In one embodiment, after the target display window is detected, it is hidden by calling the first hiding function of the system application layer. After the user terminal or its third-party defense application process calls the first hiding function of the system application layer, the first hiding function calls the corresponding second hiding function in the system kernel layer, which completes the hiding of the target display window. If the operating system of the user terminal is the WINDOWS operating system, the first hiding function is the ShowWindow function. The first hiding function is called by setting its parameters: setting the window handle parameter lets the hiding function find the corresponding target display window, and setting the window handling type parameter makes it perform the corresponding handling on the window. In this embodiment the window handling type parameter can be set to 0, which indicates that the target display window is to be hidden.
Step S102: detect whether the target display window is hidden.
In one embodiment, after calling the first hiding function, the user terminal or its third-party defense application process can detect whether the target display window has been hidden. If the target display window has not been hidden, the malware corresponding to the target display window is protecting the window with a hook (HOOK) process; that is, the HOOK process interferes with the execution of the first hiding function so that the first hiding function fails to call the corresponding second hiding function in the system kernel layer, and hiding the target display window therefore fails. Specifically, whether the target display window was hidden successfully can be judged by checking whether the display screen still shows the target display window, or by checking the function execution result of the first hiding function. If the display screen still shows the target display window, or the function execution result returned by the first hiding function is failure, the target display window is determined not to be hidden.
Step S103: if it is detected that the target display window is not hidden, call the second hiding function of the system kernel layer to hide the target display window.
In one embodiment, if the target display window cannot be hidden in the above way, the user terminal or its third-party defense application process can directly call the second hiding function of the system kernel layer to hide the target display window, which evades the interference of the HOOK function with the hiding process. Specifically, for the third-party defense application process of the user terminal to call the second hiding function, an interface between the application process and the system kernel layer can be set up in advance. For example, when the third-party defense application process fails to hide the target display window, it can pass the window handle information of the target display window to the corresponding third-party defense driver, and use the third-party defense driver as the interface for calling the second hiding function in the system kernel. Optionally, if the operating system of the user terminal is the WINDOWS operating system, the second hiding function is the NtUserShowWindow function, which corresponds to the application-layer ShowWindow function.
In the embodiments of the present invention, when a target display window to be hidden is detected, the first hiding function in the system application layer can be called to hide it. After the first hiding function is called, whether the target display window has been hidden is detected. If it is detected that the window has not been hidden, this indicates that the first hiding function failed to execute and that the malware has set a hook function that interferes with the execution of the first hiding function. The second hiding function of the system kernel layer can then be called directly to hide the target display window, which evades the interference of the existing hook function with the application-layer hiding function, directly hides the target display window protected by the malware, and enhances the effectiveness of the defense software.
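The flow of steps S101 to S103, as an added example that is not part of the patent text: a portable C model in which the application-layer and kernel-layer hiding functions stand in for ShowWindow and NtUserShowWindow. The window table, handle values, hook flag and function names are constructed for illustration, and the hook is assumed to report success without hiding the window, which is why the flow verifies window state instead of trusting the return value.

```c
/* Added example (not from the patent): the S101-S103 hide -> verify -> kernel
 * fallback flow, run against a constructed in-memory window table. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define CMD_HIDE 0 /* window handling type value 0 = hide, as in the text */

typedef unsigned int win_handle; /* hypothetical stand-in for a window handle */

struct sim_window {
    win_handle handle;
    bool visible;
    bool app_layer_hooked; /* assumption: owner hooks the application-layer call */
};

/* Constructed sample data. */
static struct sim_window g_windows[] = {
    { 0x1001u, true, false }, /* ordinary pop-up */
    { 0x1002u, true, true  }, /* pop-up protected by a hook */
};
#define WINDOW_COUNT (sizeof g_windows / sizeof g_windows[0])

static struct sim_window *find_window(win_handle h)
{
    for (size_t i = 0; i < WINDOW_COUNT; i++)
        if (g_windows[i].handle == h)
            return &g_windows[i];
    return NULL;
}

/* Restore the constructed table to its initial, all-visible state. */
void reset_windows(void)
{
    for (size_t i = 0; i < WINDOW_COUNT; i++)
        g_windows[i].visible = true;
}

/* Second hiding function (kernel layer; NtUserShowWindow on Windows).
 * This is where window state actually changes. */
bool kernel_show_window(win_handle h, int cmd)
{
    struct sim_window *w = find_window(h);
    if (w == NULL)
        return false;
    if (cmd == CMD_HIDE)
        w->visible = false;
    return true;
}

/* First hiding function (application layer; ShowWindow on Windows).
 * Unhooked, it forwards to the kernel layer. */
bool app_show_window(win_handle h, int cmd)
{
    struct sim_window *w = find_window(h);
    if (w == NULL)
        return false;
    if (w->app_layer_hooked)
        return true; /* modelled hook: swallows the call yet reports success */
    return kernel_show_window(h, cmd);
}

/* Window state query (the role IsWindowVisible plays on Windows). */
bool window_is_visible(win_handle h)
{
    struct sim_window *w = find_window(h);
    return w != NULL && w->visible;
}

enum hide_result { HIDE_FAILED = -1, HIDDEN_BY_APP_LAYER = 0, HIDDEN_BY_KERNEL_LAYER = 1 };

enum hide_result hide_target_window(win_handle h)
{
    if (find_window(h) == NULL)
        return HIDE_FAILED;
    bool reported_ok = app_show_window(h, CMD_HIDE);  /* S101 */
    if (!window_is_visible(h))                         /* S102: check state */
        return HIDDEN_BY_APP_LAYER;
    if (reported_ok) /* mismatch worth logging: likely interference */
        fprintf(stderr, "0x%x: success reported but window still visible\n", h);
    if (!kernel_show_window(h, CMD_HIDE))              /* S103: fallback */
        return HIDE_FAILED;
    /* Verify again so a failed fallback is never reported as success. */
    return window_is_visible(h) ? HIDE_FAILED : HIDDEN_BY_KERNEL_LAYER;
}

int main(void)
{
    win_handle targets[] = { 0x1001u, 0x1002u, 0x9999u };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("0x%x -> %d\n", targets[i], (int)hide_target_window(targets[i]));
    return 0;
}
```

In this model, a check based only on the first hiding function's execution result would accept the hooked window as hidden; the window-state check is what triggers the kernel-layer call.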
Referring to Fig. 2, Fig. 2 is a flowchart of another embodiment of a display window hiding method of the present invention. The method may include the following steps.
Step S201: when a target display window is detected, obtain the identification information of the target display window.
In one embodiment, when the user terminal detects a target display window, it can call the first hiding function of the system application layer to hide the target display window. Specifically, the user terminal can use installed third-party defense software to inspect the current display windows periodically or on user instruction. It can detect whether a target display window exists by examining the push source of a display window or the content the window displays, or it can judge whether a target display window currently exists by detecting whether a user's instruction to close a display window has been carried out. For example, by examining the push source of a display window, it can judge whether the application that pushed the window is malicious, for instance by checking whether the application appears on a blacklist or whether the application contains a malicious mark. It can also judge from the content a display window shows whether the window was pushed by a malicious application: when the window content is advertising that the user has not subscribed to, or other information containing a malicious mark, the window can be determined to be a target display window. It can also detect whether the user has performed a close operation on the current display window: if, after the user's close operation, the window has not closed or other windows pop up, the window is determined to be a target display window and needs to be hidden.
In one embodiment, after the target display window is detected, the identification information of the target display window can further be obtained. The identification information is unique, that is, the target display window can be found from it.
Step S202: set the window handle parameter of the first hiding function according to the identification information of the target display window.
In one embodiment, the window handle parameter of the first hiding function can be set according to the obtained identification information of the target display window. The window handle parameter is equivalent to a pointer to the object the function will act on; setting the window handle parameter of the hiding function lets it find the target display window. The identification information may itself be the window handle, that is, the display window already carries handle information; alternatively, other unique information of the display window can be converted into the window handle parameter and set on the first hiding function.
Step S203: set the parameter value of the window handling type parameter of the first hiding function to the hide parameter value.
In one embodiment, the window handling type parameter of the first hiding function can also be set. There can be several window handling types, such as maximizing or minimizing the window, showing the window and hiding the window. A corresponding window handling type parameter value can be preset for each window handling type; in this embodiment of the present invention, the parameter value corresponding to hiding the window can be set to 0, which indicates that the target display window is to be hidden.
Step S204: call the first hiding function so set to hide the target display window.
In one embodiment, after the target display window is detected, it is hidden by calling the first hiding function of the system application layer. After the user terminal or its third-party defense application process calls the first hiding function of the system application layer, the first hiding function calls the corresponding second hiding function in the system kernel layer, which completes the hiding of the target display window. If the operating system of the user terminal is the WINDOWS operating system, the first hiding function is the ShowWindow function. The parameters of the hiding function are set in the manner described above, which starts the execution of the hiding function.
Step S205: detect whether the target display window is hidden.
In one embodiment, after calling the first hiding function, the user terminal or its third-party defense application process can detect whether the target display window has been hidden. If the target display window has not been hidden, the malware corresponding to the target display window is protecting the window with a hook (HOOK) process; that is, the HOOK process interferes with the execution of the first hiding function so that the first hiding function fails to call the corresponding second hiding function in the system kernel layer, and hiding the target display window therefore fails. Specifically, whether the target display window was hidden successfully can be judged by checking whether the display screen still shows the target display window, or by checking the function execution result of the first hiding function. If the display screen still shows the target display window, or the function execution result returned by the first hiding function is failure, the target display window is determined not to be hidden.
Step S206: if it is detected that the target display window is not hidden, look up, in the system kernel layer, the second hiding function corresponding to the first hiding function.
In one embodiment, if the target display window cannot be hidden in the above way, the second hiding function corresponding to the first hiding function is looked up in the system kernel layer. If the operating system of the user terminal is the WINDOWS operating system, the second hiding function is the NtUserShowWindow function, which corresponds to the application-layer ShowWindow function.
Step S207: set the second hiding function according to the window handle parameter of the first hiding function.
Step S208: call the second hiding function to hide the target display window.
In one embodiment, the user terminal or its third-party defense application process can directly call the second hiding function of the system kernel layer to hide the target display window, which evades the interference of the HOOK function with the hiding process. Specifically, for the third-party defense application process of the user terminal to call the second hiding function, an interface between the application process and the system kernel layer can be set up in advance. For example, when the third-party defense application process fails to hide the target display window, it can pass the window handle information of the target display window to the corresponding third-party defense driver, and use the third-party defense driver as the interface for calling the second hiding function in the system kernel.
In the embodiments of the present invention, when a target display window to be hidden is detected, the first hiding function in the system application layer can be called to hide it. After the first hiding function is called, whether the target display window has been hidden is detected. If it is detected that the window has not been hidden, this indicates that the first hiding function failed to execute and that the malware has set a hook function that interferes with the execution of the first hiding function. The second hiding function of the system kernel layer can then be called directly to hide the target display window, which evades the interference of the existing hook function with the application-layer hiding function, directly hides the target display window protected by the malware, enhances the effectiveness of the defense software, and improves the user experience.
Referring to Fig. 3, Fig. 3 is a structural diagram of one embodiment of a display window hiding device of the present invention. The device may include a first calling module 301, a detection module 302 and a second calling module 303.
The first calling module 301 is configured to call the first hiding function of the system application layer to hide the target display window when the detection module 302 detects the target display window.
In one embodiment, the detection module 302 can be used to detect whether a target display window exists in the current display interface. When the user terminal detects a target display window through the detection module 302, the first calling module 301 can call the first hiding function of the system application layer to hide the target display window. Specifically, the user terminal can use installed third-party defense software to inspect the current display windows periodically or on user instruction. It can detect whether a target display window exists by examining the push source of a display window or the content the window displays, or it can judge whether a target display window currently exists by detecting whether a user's instruction to close a display window has been carried out. For example, by examining the push source of a display window, it can judge whether the application that pushed the window is malicious, for instance by checking whether the application appears on a blacklist or whether the application contains a malicious mark. It can also judge from the content a display window shows whether the window was pushed by a malicious application: when the window content is advertising that the user has not subscribed to, or other information containing a malicious mark, the window can be determined to be a target display window. It can also detect whether the user has performed a close operation on the current display window: if, after the user's close operation, the window has not closed or other windows pop up, the window is determined to be a target display window and needs to be hidden.
In one embodiment, after the detection module 302 detects the target display window, the first calling module 301 hides it by calling the first hiding function of the system application layer. After the user terminal or its third-party defense application process calls the first hiding function of the system application layer, the first hiding function calls the corresponding second hiding function in the system kernel layer, which completes the hiding of the target display window. If the operating system of the user terminal is the WINDOWS operating system, the first hiding function is the ShowWindow function. The first hiding function is called by setting its parameters: setting the window handle parameter lets the hiding function find the corresponding target display window, and setting the window handling type parameter makes it perform the corresponding handling on the window. In this embodiment the window handling type parameter can be set to 0, which indicates that the target display window is to be hidden.
The detection module 302 is configured to detect whether the target display window is hidden.
In one embodiment, after the user terminal or its third-party defense application process calls the first hiding function through the first calling module 301, the detection module 302 can detect whether the target display window has been hidden. If the target display window has not been hidden, the malware corresponding to the target display window is protecting the window with a hook (HOOK) process; that is, the HOOK process interferes with the execution of the first hiding function so that the first hiding function fails to call the corresponding second hiding function in the system kernel layer, and hiding the target display window therefore fails. Specifically, whether the target display window was hidden successfully can be judged by checking whether the display screen still shows the target display window, or by checking the function execution result of the first hiding function. If the display screen still shows the target display window, or the function execution result returned by the first hiding function is failure, the target display window is determined not to be hidden.
Second calling module 303, if detect that described target display window is not hidden for described detection module 302, then second of calling system inner nuclear layer the hiding function is hidden described target display window.
In one embodiment, if by the way can not vanishing target display window time, then user terminal or its third party defend application process to hide target explicit function by the second hiding function of the direct calling system inner nuclear layer of the second calling module 303, thus can evade the interference of HOOK function to hiding process.Concrete, call if the third party of user terminal defends application process to hide function to second, the interface of this application process and system kernel layer can be pre-set, as third party defends application process when hiding unsuccessfully target display window, window handle information transmission corresponding for target display window can be defendd to drive to corresponding third party, with third party defend to drive for interface interchange system kernel from second hide function.Optionally, if when the operating system of user terminal is WINDOWS operating system, the second hiding function is NtUserShowWindow function, and it is corresponding with the ShowWindow function of application layer.
In the embodiment of the present invention, when the target display window that will hide being detected, in calling system application layer first can hide function target display window hidden, after calling this first hiding function, detect target display window whether to be hidden, if detect and be not hidden, then show the execution result failure of the first hiding function, the implementation that Hook Function interferes the first hiding function is provided with in Malware, then can directly calling system inner nuclear layer second hide function target display window is hidden, thus the Hook Function can evading existence is to the interference of hiding function in application layer, directly hide the target display window by malware protection, enhance the defence effect of defence software.
Referring to Fig. 4, Fig. 4 is a schematic structural diagram of another embodiment of a display window hiding device in the present invention. The device may include: a first calling module 401, a detection module 402, and a second calling module 403.
The first calling module 401 is configured to call the first hiding function of the system application layer to hide the target display window when the target display window is detected.
In the embodiment of the present invention, the first calling module 401 may include an acquiring unit 4011, a first setting unit 4012, a second setting unit 4013, and a first calling unit 4014.
The acquiring unit 4011 is configured to obtain the identification information of the target display window when the target display window is detected.
In one embodiment, when the user terminal detects a target display window, it can call the first hiding function of the system application layer to hide the target display window. Specifically, the user terminal, through the installed third-party defense software, detects the current display windows periodically or according to a user instruction. It detects whether a target display window exists by examining the push source of a display window or the content shown in the display window, and can also judge whether a target display window currently exists by detecting whether the user's close instruction for a display window has been executed. For example, by examining the push source of a display window, it judges whether the application that pushed the display window is malicious, in ways such as checking whether the application appears on a blacklist or whether the application contains a malicious mark. It can also judge whether a display window was pushed by a malicious application by examining the content shown in the display window: if the window content is advertising information that the user has not subscribed to, or other information containing a malicious mark, the display window can be determined to be a target display window. It can also detect whether the user has performed a close operation on the current display window: if, after the user performs the close operation, the display window is not closed or other windows pop up, the display window is determined to be a target display window that needs to be hidden.
In one embodiment, after the target display window is detected, the acquiring unit 4011 can further obtain the identification information of the target display window. This identification information is unique; that is, the target display window can be found by this identification information.
The first setting unit 4012 is configured to set the window handle parameter of the first hiding function according to the identification information of the target display window.
In one embodiment, the first setting unit 4012 can set the window handle parameter of the first hiding function according to the obtained identification information of the target display window. The window handle parameter is equivalent to a pointer to the object on which the function will act; by setting the window handle parameter of the hiding function, the target display window can be found. The identification information can specifically be a window handle, that is, the display window already carries handle information; alternatively, other unique information of the display window can be converted into the window handle parameter and set on the first hiding function.
The second setting unit 4013 is configured to set the parameter value of the window processing type parameter of the first hiding function to the hiding parameter value.
In one embodiment, the second setting unit 4013 can set the window processing type parameter of the first hiding function. There can be multiple window processing types, such as maximizing/minimizing the window, showing the window, and hiding the window. A corresponding window processing type parameter can be preset for each window processing type; in the embodiment of the present invention, the parameter corresponding to the hide-window processing type can be set to 0, which indicates that the target display window is to be hidden.
The first calling unit 4014 is configured to call the first hiding function as set to hide the target display window.
In one embodiment, after the target display window is detected, the first calling unit 4014 hides the target display window by calling the first hiding function of the system application layer. After the user terminal or its third-party defense application process calls the first hiding function of the system application layer, the first hiding function calls the corresponding second hiding function in the system kernel layer, which completes the hiding of the target display window. If the operating system of the user terminal is the WINDOWS operating system, the first hiding function is the ShowWindow function. The parameters of the hiding function are set in the manner described above, which starts the execution of the hiding function.
The detection module 402 is configured to detect whether the target display window is hidden.
In one embodiment, after the user terminal or its third-party defense application process calls the first hiding function through the first calling unit 4014, the detection module 402 can detect whether the target display window is hidden. If the target display window is not hidden, this indicates that the malware corresponding to the target display window has protected the window through hook (HOOK) processing; that is, the HOOK processing interferes with the execution of the first hiding function, so that the first hiding function fails to call the corresponding second hiding function in the system kernel layer, and hiding the target display window fails. In the embodiment of the present invention, the detection module 402 may also include a first detecting unit and/or a second detecting unit. Specifically, whether the target display window has been successfully hidden is judged by having the first detecting unit detect whether the target display window is still shown on the display screen, or by having the second detecting unit detect the function execution result of the first hiding function. If the target display window is still present on the display screen, or the function execution result returned by the first hiding function is a failure, it is determined that the target display window is not hidden.
The second calling module 403 is configured to call the second hiding function of the system kernel layer to hide the target display window if the detection module 402 detects that the target display window is not hidden.
In the embodiment of the present invention, the second calling module 403 may include a searching unit 4031, a third setting unit 4032, and a second calling unit 4033.
The searching unit 4031 is configured to look up, in the system kernel layer, the second hiding function corresponding to the first hiding function.
In one embodiment, if the target display window cannot be hidden in the above manner, the searching unit 4031 looks up the second hiding function corresponding to the first hiding function in the system kernel layer. If the operating system of the user terminal is the WINDOWS operating system, the second hiding function is the NtUserShowWindow function, which corresponds to the ShowWindow function of the application layer.
The third setting unit 4032 is configured to set the second hiding function according to the window handle parameter of the first hiding function.
The second calling unit 4033 is configured to call the second hiding function to hide the target display window.
In one embodiment, the user terminal or its third-party defense application process hides the target display window by directly calling the second hiding function of the system kernel layer through the second calling unit 4033, thereby evading the interference of the HOOK function with the hiding process. Specifically, the third setting unit 4032 sets the parameter of the second hiding function according to the window handle parameter of the first hiding function, so that the second hiding function can find the target display window on which it is to act. If the third-party defense application process of the user terminal is to call the second hiding function, an interface between this application process and the system kernel layer can be set up in advance. For example, when the third-party defense application process fails to hide the target display window, it can pass the window handle information corresponding to the target display window to the corresponding third-party defense driver, and use the third-party defense driver as the interface for calling the second hiding function in the system kernel.
In the embodiment of the present invention, when a target display window to be hidden is detected, the first hiding function in the system application layer can be called to hide the target display window. After the first hiding function is called, whether the target display window is hidden is detected. If it is detected that the window is not hidden, this indicates that the execution of the first hiding function failed and that the malware has set a hook function that interferes with the execution of the first hiding function. The second hiding function of the system kernel layer can then be called directly to hide the target display window, which evades the interference of the existing hook function with the hiding function in the application layer, directly hides the target display window protected by the malware, enhances the defense effect of the defense software, and improves the user experience.
Referring to Fig. 5, it is a schematic structural diagram of an embodiment of a terminal in the present invention. The terminal may include: at least one processor 501, such as a CPU, at least one user interface 503, a memory 504, and at least one communication bus 502. The communication bus 502 is used to implement connection and communication between these components. The user interface 503 may include a display screen (Display) and a keyboard (Keyboard); optionally, the user interface 503 may also include standard wired and wireless interfaces. The memory 504 may be a high-speed RAM memory or a non-volatile memory, such as at least one disk memory; optionally, the memory 504 may also be at least one storage device located remotely from the aforementioned processor 501. A set of program code is stored in the memory 504, and the processor 501 calls the program code stored in the memory 504 to perform the following operations:
When a target display window is detected, call the first hiding function of the system application layer to hide the target display window;
Detect whether the target display window is hidden;
If it is detected that the target display window is not hidden, call the second hiding function of the system kernel layer to hide the target display window.
As an optional embodiment, when the processor 501 detects the target display window, the specific way in which it calls the first hiding function of the system application layer to hide the target display window is:
When the target display window is detected, obtain the identification information of the target display window;
Set the window handle parameter of the first hiding function according to the identification information of the target display window;
Call the first hiding function as set to hide the target display window.
As an optional embodiment, before the processor 501 calls the first hiding function as set to hide the target display window, it is also used to call the code stored in the memory 504 to perform the following operation:
Set the parameter value of the window processing type parameter of the first hiding function to the hiding parameter value.
As an optional embodiment, the specific way in which the processor 501 detects whether the target display window is hidden is:
Detect whether the window state of the target display window is the hidden state, and if it is the hidden state, determine that the target display window is hidden; or
Detect the function execution result of the first hiding function, and if the function execution result indicates success, determine that the target display window is hidden.
As an optional embodiment, if the processor 501 detects that the target display window is not hidden, the specific way in which it calls the second hiding function of the system kernel layer to hide the target display window is:
If it is detected that the target display window is not hidden, look up, in the system kernel layer, the second hiding function corresponding to the first hiding function;
Set the second hiding function according to the window handle parameter of the first hiding function;
Call the second hiding function to hide the target display window.
As an optional embodiment, when the system is the WINDOWS operating system, the first hiding function is the ShowWindow function and the second hiding function is the NtUserShowWindow function.
In the embodiment of the present invention, when a target display window to be hidden is detected, the first hiding function in the system application layer can be called to hide the target display window. After the first hiding function is called, whether the target display window is hidden is detected. If it is detected that the window is not hidden, this indicates that the execution of the first hiding function failed and that the malware has set a hook function that interferes with the execution of the first hiding function. The second hiding function of the system kernel layer can then be called directly to hide the target display window, which evades the interference of the existing hook function with the hiding function in the application layer, directly hides the target display window protected by the malware, enhances the defense effect of the defense software, and improves the user experience.
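The three operations above (call the application-layer hiding function, verify, fall back to the kernel-layer function) can be traced in a small portable C model. This is an added illustration, not code from the patent: the window table, `app_show_window`, `kernel_show_window`, `install_hook` and the handles 101 and 102 are constructed stand-ins for ShowWindow, NtUserShowWindow, a malware hook and real window handles, and nothing here calls the Windows API.

```c
#include <stdio.h>
#include <stddef.h>

#define SW_HIDE 0   /* window processing type value the page gives for "hide" */

/* Constructed window table standing in for the window manager's state. */
typedef struct { int handle; int visible; } window_t;
static window_t g_windows[] = { {101, 1}, {102, 1} };
#define N_WINDOWS (sizeof g_windows / sizeof g_windows[0])

static window_t *find_window(int handle) {
    for (size_t i = 0; i < N_WINDOWS; i++)
        if (g_windows[i].handle == handle) return &g_windows[i];
    return NULL;
}

/* Second hiding function (kernel layer in the page's terms): changes state. */
static int kernel_show_window(int handle, int cmd) {
    window_t *w = find_window(handle);
    if (w == NULL) return 0;          /* unknown handle: report failure */
    w->visible = (cmd != SW_HIDE);
    return 1;
}

/* The application-layer function reaches the kernel layer through this
   pointer; interference by a hook is modelled as replacing the pointer. */
typedef int (*show_fn)(int handle, int cmd);
static show_fn g_app_dispatch = kernel_show_window;

/* First hiding function (application layer). */
static int app_show_window(int handle, int cmd) {
    return g_app_dispatch(handle, cmd);
}

/* Constructed hook: drops hide requests for one handle yet reports success. */
static int g_protected = 0;
static int hooked_dispatch(int handle, int cmd) {
    if (handle == g_protected && cmd == SW_HIDE) return 1;
    return kernel_show_window(handle, cmd);
}
void install_hook(int handle) { g_protected = handle; g_app_dispatch = hooked_dispatch; }
void remove_hook(void)        { g_protected = 0; g_app_dispatch = kernel_show_window; }

int is_window_visible(int handle) {
    window_t *w = find_window(handle);
    return w != NULL && w->visible;
}

typedef enum { HIDE_FAILED, HIDDEN_BY_APP_LAYER, HIDDEN_BY_KERNEL_LAYER } hide_path;
typedef struct {
    hide_path path;        /* which layer actually hid the window */
    int reported_ok;       /* what the application-layer call returned */
    int tamper_suspected;  /* call reported success but window stayed visible */
} hide_outcome;

hide_outcome hide_target_window(int handle) {
    hide_outcome out = { HIDE_FAILED, 0, 0 };
    if (find_window(handle) == NULL) return out;

    /* Operation 1: call the first hiding function with handle + hide value. */
    out.reported_ok = app_show_window(handle, SW_HIDE);

    /* Operation 2: verify the window state, not only the returned result. */
    if (!is_window_visible(handle)) { out.path = HIDDEN_BY_APP_LAYER; return out; }
    out.tamper_suspected = out.reported_ok;   /* success claimed, nothing changed */

    /* Operation 3: call the second hiding function directly and re-verify. */
    if (kernel_show_window(handle, SW_HIDE) && !is_window_visible(handle))
        out.path = HIDDEN_BY_KERNEL_LAYER;
    return out;
}

void reset_windows(void) {
    for (size_t i = 0; i < N_WINDOWS; i++) g_windows[i].visible = 1;
}

int main(void) {
    hide_outcome a = hide_target_window(101);      /* no hook installed */
    install_hook(102);
    hide_outcome b = hide_target_window(102);      /* hook protects 102 */
    printf("101: path=%d tamper=%d\n", a.path, a.tamper_suspected);
    printf("102: path=%d tamper=%d\n", b.path, b.tamper_suspected);
    remove_hook();
    reset_windows();
    return 0;
}
```

The model checks window state in preference to the returned result because a hook can report success without doing anything; on Windows, the documented return value of ShowWindow also reflects the window's previous visibility rather than success, so the state check is the more dependable of the two detection options.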
The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
The steps in the methods of the embodiments of the present invention can be reordered, merged and deleted according to actual needs.
The units or subunits in the terminal or device of the embodiments of the present invention can be merged, divided and deleted according to actual needs.
Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which can be a personal computer, a server, a network device, etc.) to perform the methods described in each embodiment or in some parts of the embodiments.
The embodiments described above do not limit the protection scope of this technical solution. Any modification, equivalent replacement and improvement made within the spirit and principle of the above embodiments shall be included within the protection scope of this technical solution.

Claims (10)

1. A method for hiding a display window, characterized by comprising:
when a target display window is detected, calling a first hiding function of the system application layer to hide the target display window;
detecting whether the target display window is hidden;
if it is detected that the target display window is not hidden, calling a second hiding function of the system kernel layer to hide the target display window.
2. The method according to claim 1, characterized in that, when a target display window is detected, calling the first hiding function of the system application layer to hide the target display window comprises:
when the target display window is detected, obtaining the identification information of the target display window;
setting the window handle parameter of the first hiding function according to the identification information of the target display window;
calling the first hiding function as set to hide the target display window.
3. The method according to claim 2, characterized in that, before calling the first hiding function as set to hide the target display window, the method further comprises:
setting the parameter value of the window processing type parameter of the first hiding function to the hiding parameter value.
4. The method according to any one of claims 1-3, characterized in that detecting whether the target display window is hidden comprises:
detecting whether the window state of the target display window is the hidden state, and if it is the hidden state, determining that the target display window is hidden; or
detecting the function execution result of the first hiding function, and if the function execution result indicates success, determining that the target display window is hidden.
5. The method according to claim 2 or 3, characterized in that, if it is detected that the target display window is not hidden, calling the second hiding function of the system kernel layer to hide the target display window comprises:
if it is detected that the target display window is not hidden, looking up, in the system kernel layer, the second hiding function corresponding to the first hiding function;
setting the second hiding function according to the window handle parameter of the first hiding function;
calling the second hiding function to hide the target display window.
6. The method according to claim 5, characterized in that, when the system is the WINDOWS operating system, the first hiding function is the ShowWindow function and the second hiding function is the NtUserShowWindow function.
7. A device for hiding a display window, characterized by comprising:
a first calling module, configured to call a first hiding function of the system application layer to hide a target display window when the target display window is detected;
a detection module, configured to detect whether the target display window is hidden;
a second calling module, configured to call a second hiding function of the system kernel layer to hide the target display window if the detection module detects that the target display window is not hidden.
8. The device according to claim 7, characterized in that the first calling module comprises:
an acquiring unit, configured to obtain the identification information of the target display window when the target display window is detected;
a first setting unit, configured to set the window handle parameter of the first hiding function according to the identification information of the target display window;
a first calling unit, configured to call the first hiding function as set to hide the target display window.
9. The device according to claim 8, characterized in that the first calling module further comprises:
a second setting unit, configured to set the parameter value of the window processing type parameter of the first hiding function to the hiding parameter value.
10. The device according to any one of claims 7-9, characterized in that the detection module comprises:
a first detecting unit, configured to detect whether the window state of the target display window is the hidden state, and if it is the hidden state, determine that the target display window is hidden;
a second detecting unit, configured to detect the function execution result of the first hiding function, and if the function execution result indicates success, determine that the target display window is hidden.
CN201510786315.8A 2015-11-13 2015-11-13 A kind of hidden method of display window, device and user terminal Active CN105447348B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510786315.8A CN105447348B (en) 2015-11-13 2015-11-13 A kind of hidden method of display window, device and user terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510786315.8A CN105447348B (en) 2015-11-13 2015-11-13 A kind of hidden method of display window, device and user terminal

Publications (2)

Publication Number Publication Date
CN105447348A true CN105447348A (en) 2016-03-30
CN105447348B CN105447348B (en) 2019-04-05

Family

ID=55557518

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510786315.8A Active CN105447348B (en) 2015-11-13 2015-11-13 A kind of hidden method of display window, device and user terminal

Country Status (1)

Country Link
CN (1) CN105447348B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022111A (en) * 2016-07-13 2016-10-12 北京金山安全软件有限公司 Processing method and device for hiding pop-up window and electronic equipment
CN110309647A (en) * 2019-06-28 2019-10-08 北京金山安全软件有限公司 Processing method and device for application program, electronic equipment and storage medium
CN113495651A (en) * 2020-03-20 2021-10-12 北京京东振世信息技术有限公司 Window control method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136762A (en) * 2006-08-28 2008-03-05 中兴通讯股份有限公司 Method for implementing improvement on network management locking security
CN102722680A (en) * 2012-06-07 2012-10-10 腾讯科技(深圳)有限公司 Method and system for removing rogue programs
CN102945341A (en) * 2012-10-23 2013-02-27 北京奇虎科技有限公司 Method and device for intercepting popup
CN103164654A (en) * 2013-03-28 2013-06-19 北京奇虎科技有限公司 Method of carrying out information cue on popup window and user interface display device
CN103795685A (en) * 2012-10-29 2014-05-14 珠海市君天电子科技有限公司 Anti-theft method and system for instant communication tool

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022111A (en) * 2016-07-13 2016-10-12 北京金山安全软件有限公司 Processing method and device for hiding pop-up window and electronic equipment
CN106022111B (en) * 2016-07-13 2019-01-22 北京金山安全软件有限公司 Processing method and device for hiding pop-up window and electronic equipment
CN110309647A (en) * 2019-06-28 2019-10-08 北京金山安全软件有限公司 Processing method and device for application program, electronic equipment and storage medium
CN110309647B (en) * 2019-06-28 2022-02-25 北京乐蜜科技有限责任公司 Processing method and device for application program, electronic equipment and storage medium
CN113495651A (en) * 2020-03-20 2021-10-12 北京京东振世信息技术有限公司 Window control method and device
CN113495651B (en) * 2020-03-20 2024-05-21 北京京东振世信息技术有限公司 Window control method and device

Also Published As

Publication number Publication date
CN105447348B (en) 2019-04-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20181203

Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Applicant after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong.

Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd.

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

GR01 Patent grant